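<?php
/**
 * Saves a rental order posted from the cart form.
 *
 * Flow: verify the one-time form token held in the session, insert one row
 * into `rental`, insert one `rental_details` row per posted line, clear the
 * cart from the session and redirect to index.php with the outcome.
 *
 * Every value that reaches SQL is escaped with mysql_real_escape_string(),
 * which presumably relies on the connection opened by connect.php.
 *
 * NOTE(review): ext/mysql (mysql_*) was removed in PHP 7. Moving to PDO or
 * mysqli prepared statements needs a matching change in connect.php, which is
 * not visible from this file.
 */
session_start();

require 'connect.php';

// The session value is escaped as well: it is interpolated into SQL just like request data.
$sessionOfficerId = (isset($_SESSION['OfficerID']) && is_scalar($_SESSION['OfficerID']))
	? (string) $_SESSION['OfficerID']
	: '';
$strSQL = "SELECT * FROM officer WHERE OfficerID = '" . mysql_real_escape_string($sessionOfficerId) . "' ";
$objQuery = mysql_query($strSQL);
// NOTE(review): $objResult is not consulted below, so this lookup does not gate
// the insert. If only a logged-in officer may save rentals, reject the request
// here when no officer row is found.
$objResult = $objQuery ? mysql_fetch_array($objQuery) : false;

// One-time form token. Both sides must be present and non-empty: the previous
// loose comparison treated "no token in session" and "no token posted" as a match.
$sessionToken = (isset($_SESSION['formid']) && is_scalar($_SESSION['formid']))
	? (string) $_SESSION['formid']
	: '';
$postedToken = (isset($_POST['formid']) && is_scalar($_POST['formid']))
	? (string) $_POST['formid']
	: '';
$tokenMatches = $sessionToken !== '' && $postedToken !== '' && (
	function_exists('hash_equals')
		? hash_equals($sessionToken, $postedToken)
		: $sessionToken === $postedToken
);

if (!$tokenMatches) {
	echo "E00001!! SESSION ERROR RETRY AGAINT.";
} else {
	// Consume the token so the same form cannot be submitted twice.
	unset($_SESSION['formid']);

	// Scalar header fields; a missing or array-valued field becomes an empty string.
	// NOTE(review): OfficerID, status and total_price are taken from the client.
	// Consider using the session's OfficerID and recomputing the price on the
	// server; the tables needed for that are not visible from this file.
	$header = array();
	foreach (array('MemID', 'OfficerID', 'total_price', 'status') as $field) {
		$raw = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (string) $_POST[$field] : '';
		$header[$field] = mysql_real_escape_string($raw);
	}

	$meSql = "INSERT INTO rental (order_date, OfficerID, MemID,status,RentPrice) VALUES (NOW(),'{$header['OfficerID']}','{$header['MemID']}','{$header['status']}','{$header['total_price']}') ";
	$meQeury = mysql_query($meSql);

	if ($meQeury) {
		$order_id = mysql_insert_id();

		// Line items arrive as parallel arrays; anything that is not an array is treated as empty.
		$quantities = (isset($_POST['qty']) && is_array($_POST['qty'])) ? $_POST['qty'] : array();
		$bookIds = (isset($_POST['book_id']) && is_array($_POST['book_id'])) ? $_POST['book_id'] : array();
		$bookPrices = (isset($_POST['book_price']) && is_array($_POST['book_price'])) ? $_POST['book_price'] : array();

		// The posted quantities only set the number of lines; the quantity itself is not stored.
		$lineCount = count($quantities);
		for ($i = 0; $i < $lineCount; $i++) {
			// Skip lines whose book id or price is missing or not a scalar.
			if (!isset($bookIds[$i], $bookPrices[$i]) || !is_scalar($bookIds[$i]) || !is_scalar($bookPrices[$i])) {
				error_log("rental_details line {$i} skipped for order {$order_id}: incomplete input");
				continue;
			}

			$order_detail_price = mysql_real_escape_string((string) $bookPrices[$i]);
			// The same posted book id fills both book_code and book_id. It was
			// previously written to book_id without escaping.
			$book_id = mysql_real_escape_string((string) $bookIds[$i]);
			$status = '1';

			$lineSql = "INSERT INTO rental_details (order_detail_price, book_code, order_id,book_id,status) ";
			$lineSql .= "VALUES (";
			$lineSql .= "'{$order_detail_price}',";
			$lineSql .= " '{$book_id}',";
			$lineSql .= " '{$order_id}',";
			$lineSql .= " '{$book_id}',";
			$lineSql .= " '{$status}'";
			$lineSql .= ") ";

			// A failed line is logged and not rolled back; the redirect below is unchanged.
			if (!mysql_query($lineSql)) {
				error_log("rental_details insert failed for order {$order_id}: " . mysql_error());
			}
		}

		mysql_close();
		unset($_SESSION['cart']);
		unset($_SESSION['qty']);
		header('location:index.php?a=order');
		exit;
	}

	mysql_close();
	header('location:index.php?a=orderfail');
	exit;
}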